cvat — Vulnerabilities & Security Advisories (15)

All 15 CVE vulnerabilities found in cvat, with AI-generated Chinese analysis, references, and POCs.

Vendor: cvat-ai

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-23526 | CVAT vulnerable to privilege escalation of users with staff status | CWE-267 | 6.5 (AI) | Medium (AI) | 2026-01-21 |
| CVE-2026-23516 | CVAT vulnerable to XSS via skeleton SVG images | CWE-83 | 6.5 (AI) | Medium (AI) | 2026-01-21 |
| CVE-2025-68430 | CVAT vulnerable to directory traversal via mounted share listing | CWE-24 | 4.3 (AI) | Medium (AI) | 2025-12-19 |
| CVE-2025-64485 | CVAT: Mounted share file overwrite via crafted request | CWE-22 | 7.1 | - | 2025-11-07 |
| CVE-2025-54573 | CVAT vulnerable to email verification bypass by use of basic authentication | CWE-287 | 4.3 | Medium | 2025-07-30 |
| CVE-2025-49135 | CVAT missing validation for in-progress backup upload names | CWE-639 | 6.5 (AI) | Medium (AI) | 2025-06-25 |
| CVE-2025-48381 | CVAT has information disclosure via browsable API | CWE-201 | 4.3 (AI) | Medium (AI) | 2025-05-30 |
| CVE-2025-23045 | CVAT allows remote code execution via tracker Nuclio functions | CWE-502 | 8.8 | - | 2025-01-28 |
| CVE-2024-47172 | Computer Vision Annotation Tool (CVAT) access control is broken in several PATCH endpoints | CWE-863 | 5.4 | Medium | 2024-09-30 |
| CVE-2024-47064 | Computer Vision Annotation Tool (CVAT) contains a reflected XSS via request endpoints | CWE-79 | 6.5 | - | 2024-09-30 |
| CVE-2024-47063 | Computer Vision Annotation Tool (CVAT) contains a stored XSS via the quality report data endpoint | CWE-79 | 6.5 | - | 2024-09-30 |
| CVE-2024-45393 | Computer Vision Annotation Tool (CVAT) is missing authorization for endpoints related to webhook deliveries | CWE-862 | 6.4 | Medium | 2024-09-10 |
| CVE-2024-37306 | CVAT's export and backup-related API endpoints are susceptible to CSRF | CWE-352 | 7.1 | High | 2024-06-13 |
| CVE-2024-37164 | CVAT SSRF via custom cloud storage endpoints | CWE-918 | 7.1 | High | 2024-06-13 |
| CVE-2022-31188 | Server-Side Request Forgery Vulnerability in Computer Vision Annotation Tool (CVAT) | CWE-918 | 8.6 | High | 2022-08-01 |
